Fortinet bolsters endpoint security platform with MITRE ATT&CK tags for system activity
Fortinet’s endpoint security platform FortiEDR has been bolstered with additional capabilities including MITRE ATT&CK tags for system activity, extended detection and response capabilities, and new managed detection and response features.
MITRE ATT&CK is a publicly maintained knowledge base of adversary tactics and techniques, drawn from real-world intrusions, that defenders use to classify observed activity and to map their detection coverage and risk.
FortiEDR's new capabilities use code-tracing technology to follow system activity and label each observed behaviour with the matching ATT&CK technique. This lets organisations spot risky behaviour and block it before an attack completes. According to Fortinet, tagging activity by ATT&CK technique reduces false positives and improves detection of threats such as zero-days and supply chain attacks.
FortiEDR also offers extended detection and response (XDR), complemented by a range of managed detection and response (MDR) service options.
Automated EDR provides:
- Cloud-native endpoint security: Secures workers' computers on and off the corporate network, providing visibility into the endpoint and reducing its attack surface with a lightweight agent whose operation is transparent to users.
- Integrated endpoint protection (EPP) with EDR: Prevents attacks pre- and post-execution, detects threats that bypass the prevention layer, and responds quickly to minimise business impact.
- Managed detection and response (MDR) service: Delivers 24x7 threat monitoring, alert triage, remote response and environment tuning.
FortiEDR's incident response playbooks also let organisations pre-define common response actions based on endpoint group, asset value and threat categorisation. This allows companies to take a risk-based approach to endpoint security and speeds up the incident response process.
According to FortiGuard Labs, there was a sevenfold increase in ransomware attack volumes in the second half of 2020 as threat actors evolved ransomware-as-a-service.
The company states, “As modern ransomware attacks place data and lives at risk, organisations need to secure their environments and to protect critical infrastructure.”
Fortinet says FortiEDR delivers ransomware protection without relying on Volume Shadow Copies, which more sophisticated ransomware routinely deletes before encrypting files so that victims cannot restore from them.
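The two ideas above, tagging system activity with ATT&CK techniques and then choosing a response from a risk-based playbook keyed on endpoint group and asset value, can be sketched in a few dozen lines. The following Python is an added illustration written for this page; it is not FortiEDR's code and does not reflect Fortinet's detection logic. The ATT&CK identifiers (T1490 Inhibit System Recovery, which covers shadow copy deletion, and T1059.001 PowerShell) are real; the regex rules, the severity/asset-value action matrix, the `Event` fields and the sample events are all constructed for the example.

```python
"""Illustrative ATT&CK tagging plus risk-based playbook (added example, not FortiEDR code)."""
import re
from dataclasses import dataclass

# Detection rules over the process command line -> ATT&CK technique.
# Technique IDs are real ATT&CK IDs; the patterns are constructed for this example.
RULES = [
    (re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I), "T1490", "Inhibit System Recovery"),
    (re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I), "T1490", "Inhibit System Recovery"),
    (re.compile(r"bcdedit(\.exe)?\s+.*recoveryenabled\s+no", re.I), "T1490", "Inhibit System Recovery"),
    (re.compile(r"powershell(\.exe)?\s+.*-enc(odedcommand)?\s", re.I), "T1059.001",
     "Command and Scripting Interpreter: PowerShell"),
]

# Severity per technique and the rank used to pick the worst match (assumed values).
SEVERITY = {"T1490": "critical", "T1059.001": "medium"}
RANK = {"medium": 1, "critical": 2}

# Playbook matrix: (severity, asset value) -> ordered response actions (assumed policy).
ACTIONS = {
    ("critical", "high"): ["kill_process", "isolate_host", "alert_soc"],
    ("critical", "medium"): ["kill_process", "alert_soc"],
    ("critical", "low"): ["kill_process", "alert_soc"],
    ("medium", "high"): ["kill_process", "alert_soc"],
    ("medium", "medium"): ["alert_soc"],
    ("medium", "low"): ["alert_soc"],
}


@dataclass
class Event:
    """One process-start event as an EDR agent might report it (constructed shape)."""
    host: str
    group: str         # endpoint group, e.g. "servers" or "workstations"
    asset_value: str   # "high", "medium" or "low"
    cmdline: str


def tag_event(ev):
    """Return the sorted list of (technique_id, name) pairs whose rules match the command line."""
    hits = {}
    for rx, tid, name in RULES:
        if rx.search(ev.cmdline):
            hits[tid] = name
    return sorted(hits.items())


def respond(ev):
    """Tag the event, then pick response actions from the playbook by severity, asset value and group."""
    techs = tag_event(ev)
    if not techs:
        return techs, []
    worst = max((SEVERITY[tid] for tid, _ in techs), key=RANK.get)
    actions = list(ACTIONS[(worst, ev.asset_value)])
    # Group-level override: a critical technique on any server isolates the host,
    # even if the asset value was left at a lower default.
    if ev.group == "servers" and worst == "critical" and "isolate_host" not in actions:
        actions.append("isolate_host")
    return techs, actions


# Constructed sample events for a stand-alone run.
SAMPLE_EVENTS = [
    Event("fileserver01", "servers", "high", "vssadmin.exe delete shadows /all /quiet"),
    Event("db-backup02", "servers", "medium", "wmic.exe shadowcopy delete"),
    Event("wks-042", "workstations", "low", "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4A"),
    Event("wks-017", "workstations", "low", r"notepad.exe C:\Users\alice\notes.txt"),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        techs, actions = respond(ev)
        print(f"{ev.host:<13} {[t for t, _ in techs]!s:<22} -> {actions}")
```

The override in `respond` is the point of a group-based playbook: the response is decided by policy tied to where the endpoint sits and what it is worth, not by an analyst reading the alert first, which is how such tooling buys time during a ransomware incident. Adding a technique means adding a rule and a severity; the action matrix stays unchanged.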
Fortinet says other capabilities counter further classes of advanced threat while keeping endpoints available before and during a security incident, buying the time needed for a full incident response.
“In the past year, FortiEDR customer adoption grew more than 300%. This advancement in endpoint security is critical to defend against the sophistication and maliciousness of recent high profile cyber attacks and evolution of ransomware,” concludes Maddison.